RSA Day 2 – Hacking the sessions

As day two of RSA started I was in customer meetings until after lunch time, and then a long (LONG) drive back to the conference. The cool thing about RSA is that the content is seriously overwhelming. I missed a few items on Monday’s post, so I want to start by talking about a few startups that were in the Sandbox. The Sandbox is a mini-show area where 10 companies show their new innovations and you can vote on the best of show via text messaging. At the end of day on Monday an award was given… I’ve not seen the outcome, but I did get a chance to briefly listen to each of the 10 startups talk about their innovation.

Innovation Sandbox AgendaBugCrowd – A crowd sourcing platform for PEN testing. They provide both private (small group of select security analysts) and public security testing of your applications. These can be your actually website, or other code provided in VM images. A former TopCoder guy was their asking a ton of good questions on vetting the crowd, and any liability that may be implied by this approach. The speaker did not fully understand the questions, however I do agree that the public crowd approach is no different than people just trying to hack your site today.

CyberReason – A machine learning and algorithms platform to prioritize and identify incidents in real-time. Help your analysts to not only understand an attack is happening, but what is being impacted, etc.

FortScale – A Cyber Incident analytics system. Their tools help identify those events in your SOC that analysts should focus on. They indicated that you don’t need “predefined” rules, so that their algorithms will help you focus on those events that are critical to focus on.

NexDefense – Security for ICS (Industrail Control Systems), their Sophia system provides a (Patent Pending) set of anomaly detection algorithms for SCADA and other ICS.

SecurityDo – They are using a term I’ve not heard before (maybe it’s just marketing) – BIEM (Breach Information Event Management) system. Over simplificaiton is they provide a dashboard, search, and reports on breach events, identifying where you need to focus due to a event getting past your defenses.

SentinelOne – End point protection with algorithms for threat identification, prediction (what will it do), and prevention (stop that predicted activity).

TicTo – An interesting way of addressing having physical access with additional audit and controls. The company provides a security badge, with an e-ink display to show the level of authority an individual has based on geolocation information. There’s also a red, yellow, green light that is on the badge to provide a second way of identifying that you are allowed to be where you are.

Trust In Soft – Source Code analytics to identify potential security problems. This space is interesting to me, I was a long time user of PC-Lint back in the day.

Vectra – An APT analytics platform which uses machine learning and correlation to identify, prioritize and provide attack information in context. They claim multiple patents (pending) in this space.

WaraTek – Developing and maintaining security for Java Apps. This company not only provides CloudVMs for Java apps, they provide a JVM that addresses the security aspects necessary for Java Apps. WaraTek puts the securirty in the JVM itself, so you can protect legacy Java applications, without rewriting, etc.

I spend the after on Tuesday in a few sessions… The two most interesting were a session on Mobile security and one on IoT attack vectors. The first was done by a company out of Israel (Skycure) which went thru how a security bug in IOS could create a iOS free zone by causing a constant reboot of your iOS device. Cool discussion, and as responsible researchers they have already provided information to Apple on this flaw. The second session was a principal at HP talking about their OWASP project on IoT Security vulnerabilities. Go check it out here at the OWASP site.